830 matches found
CVE-2023-0295
The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its settings parameters in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2022-46854
Cross-Site Request Forgery CSRF vulnerability in Obox Themes Launchpad – Coming Soon & Maintenance Mode plugin = 1.0.13 versions...
CVE-2022-26101
Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2022-22546
Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence BI Launchpad - version 420...
CVE-2022-39799
An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user...
CVE-2020-6283
SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting XSS vulnerability. With a successful attack, the attacker can steal...
CVE-2020-6210
SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode user-controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, leading to reflected Cross-Site Scripting XSS vulnerability...
CVE-2020-6281
SAP Business Objects Business Intelligence Platform BI Launchpad, version 4.2, does not sufficiently encode user-controlled inputs, resulting reflected in Cross-Site Scripting...
CVE-2019-0395
SAP BusinessObjects Business Intelligence Platform Fiori BI Launchpad, before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability...
The vulnerability of the BI Launchpad component of the SAP BusinessObjects Business Intelligence Platform allows a attacker to perform cross-site scripting attacks.
The vulnerability of the BI Launchpad component of the SAP BusinessObjects Business Intelligence Platform relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...
CVE-2025-24867 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform (BI Launchpad)
SAP BusinessObjects Platform BI Launchpad does not sufficiently handle user input, resulting in Cross-Site Scripting XSS vulnerability. The application allows an unauthenticated attacker to craft a URL that embeds a malicious script within an unprotected parameter. When a victim clicks the link,...
SAP BusinessObjects BI LaunchPad 跨站脚本漏洞
SAP BusinessObjects BI LaunchPad is a standard Web portal for users of the SAP BusinessObjects Business Intelligence BI platform from SAP, Germany. A cross-site scripting vulnerability exists in SAP BusinessObjects BI LaunchPad that stems from improper input handling and can lead to a cross-site...
CVE-2020-26815
SAP Fiori Launchpad News tile Application, versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external...
Malicious code in launchpad-design-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7e634713ebf6a8dfa6716324301d5ae77fb7e1081cc18e12d85dc9a2cce5d85a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1140 Malicious code in launchpad-design-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7e634713ebf6a8dfa6716324301d5ae77fb7e1081cc18e12d85dc9a2cce5d85a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in launchpad-ui (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
MAL-2025-670 Malicious code in launchpad-ui (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
CVE-2023-28362
The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...
Malicious code in launchpad-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9b1c1a2444b5a8db795db02aedebf9d8feddb28e3bc8cafcf438c5d8a086f315 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10618 Malicious code in launchpad-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9b1c1a2444b5a8db795db02aedebf9d8feddb28e3bc8cafcf438c5d8a086f315 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...